preventing spam signups

nahum

unread,

Jun 28, 2011, 3:36:18 PM6/28/11

to wellr...@googlegroups.com

So I'm now getting a significant amount of spam signups. Has anyone used any third party plugins to prevent this they liked? There are the captcha type solutions, anyone know of any math based ones?

--nahum

Tim Uckun

unread,

Jun 28, 2011, 6:23:25 PM6/28/11

to wellr...@googlegroups.com

One clever idea I ran into was to rename your email and name fields
but still create hidden fields called email and name. This way anybody
who fills out the field called "email" is a bot and you can take the
appropriate response. It's non intrusive for the user as they don't
really care what the fields are named.

I have often thought of dynamically naming your fields with guids or
something and keeping the field names in flash or in a session
variable. This would also prevent double submits. I haven't seen this
done anywhere but it seems doable and a simple solution to spam as the
spammer has no idea of what the fields are to be called. You can
combine this with the above to throw in a couple of bogus fields in
there and reject any submission with the bogus fields filled in.

Just some ideas if you have time to fool around.

Nahum Wild

unread,

Jun 28, 2011, 6:35:53 PM6/28/11

to wellr...@googlegroups.com

I like those ideas, thanks :-)

--nahum

--
You received this message because you are subscribed to the Google Groups "WellRailed" group.

To post to this group, send email to wellr...@googlegroups.com.
To unsubscribe from this group, send email to wellrailed+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/wellrailed?hl=en.

Glen Barnes

unread,

Jun 28, 2011, 7:43:15 PM6/28/11

to wellr...@googlegroups.com

On Wednesday, 29 June 2011 10:23:25 UTC+12, tim wrote:

I have often thought of dynamically naming your fields with guids or
something and keeping the field names in flash or in a session
variable. This would also prevent double submits. I haven't seen this
done anywhere but it seems doable and a simple solution to spam as the
spammer has no idea of what the fields are to be called. You can
combine this with the above to throw in a couple of bogus fields in
there and reject any submission with the bogus fields filled in.

And then 1Password would stop working for people? Good idea in theory but it may also stop legitimate tools from using your site. Something to think about if any one implements this.

Glen

Nahum Wild

unread,

Jun 28, 2011, 8:13:48 PM6/28/11

to wellr...@googlegroups.com

And I suddenly see way allowing people to login with their twitter/facebook account is being picked up by so many new sites.

--nahum

--

You received this message because you are subscribed to the Google Groups "WellRailed" group.

To view this discussion on the web visit https://groups.google.com/d/msg/wellrailed/-/bFPzRWy0fLAJ.

Y. Thong Kuah

unread,

Jun 28, 2011, 8:22:24 PM6/28/11

to wellr...@googlegroups.com

The sophisticated way would be to detect suspicious activity based on IP, or logon attempts, etc - and then display a captcha on that.

Of course, cruder methods have included adding honeypot fields. It doesn't have to be the email field, just an extra dummy hidden field usually does the trick.